Noting surprising here in itself, as the same spoof has been shown to work on the iPhone 5S, but this should worry Samsung owners:

With Apple’s Touch ID system, users are required to input their password one time before using a fingerprint for authentication. The password must be used again once each time the device is rebooted. This extra step seems annoying, but it prevents the very spoof achieved by SRLabs.

On Samsung’s Galaxy S5 however, no password is needed to access the device. Even after a reboot, a simple swipe of a finger will unlock the phone. And what could be much more alarming is the fact that, even after a reboot, users don’t need a password to access PayPal and make payments through the app if it has been configured for fingerprint authentication.

Of course it hardly matters if the fingerprint scanner rarely works properly, as The Verge wrote:

Even in hardware, Samsung touts capability rather than quality. One of the S5's flagship features is its fingerprint sensor, which lets you unlock your phone and even pay for things with one swipe of your finger. It does work, as long as you hold the phone in two hands and oh-so-carefully swipe your finger down the exact center of the home button, at the perfect angle and speed. If you get it wrong, it falls back on a pointlessly complex alphanumeric password. It's impossible to do in one hand, and I could type the world's longest, most secure password in less time than it typically took me to get the sensor to work. Next to Samsung's implementation, Apple's TouchID suddenly feels easy and consistent. (It's not.) I'll never actually use the S5’s fingerprint security, and I can't imagine anyone else will either.